SECURE BOOT: Change fsl_secboot_validate func to pass image addr
Use a pointer to pass image address to fsl_secboot_validate(), instead of using environmental variable "img_addr". Signed-off-by: Aneesh Bansal <aneesh.bansal@nxp.com> Signed-off-by: Saksham Jain <saksham.jain@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>utp
parent
c4666cf695
commit
85bb389654
|
@ -29,6 +29,8 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
|
||||||
char *hash_str = NULL;
|
char *hash_str = NULL;
|
||||||
uintptr_t haddr;
|
uintptr_t haddr;
|
||||||
int ret;
|
int ret;
|
||||||
|
uintptr_t img_addr = 0;
|
||||||
|
char buf[20];
|
||||||
|
|
||||||
if (argc < 2)
|
if (argc < 2)
|
||||||
return cmd_usage(cmdtp);
|
return cmd_usage(cmdtp);
|
||||||
|
@ -43,7 +45,15 @@ static int do_esbc_validate(cmd_tbl_t *cmdtp, int flag, int argc,
|
||||||
* part of header. So, the function is called
|
* part of header. So, the function is called
|
||||||
* by passing this argument as 0.
|
* by passing this argument as 0.
|
||||||
*/
|
*/
|
||||||
ret = fsl_secboot_validate(haddr, hash_str, 0);
|
ret = fsl_secboot_validate(haddr, hash_str, &img_addr);
|
||||||
|
|
||||||
|
/* Need to set "img_addr" even if validation failure.
|
||||||
|
* Required when SB_EN in RCW set and non-fatal error
|
||||||
|
* to continue U-Boot
|
||||||
|
*/
|
||||||
|
sprintf(buf, "%lx", img_addr);
|
||||||
|
setenv("img_addr", buf);
|
||||||
|
|
||||||
if (ret)
|
if (ret)
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
|
|
|
@ -570,7 +570,7 @@ static int calc_esbchdr_esbc_hash(struct fsl_secboot_img_priv *img)
|
||||||
|
|
||||||
/* Update hash for actual Image */
|
/* Update hash for actual Image */
|
||||||
ret = algo->hash_update(algo, ctx,
|
ret = algo->hash_update(algo, ctx,
|
||||||
(u8 *)img->img_addr, img->img_size, 1);
|
(u8 *)(*(img->img_addr_ptr)), img->img_size, 1);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
@ -646,7 +646,6 @@ static void construct_img_encoded_hash_second(struct fsl_secboot_img_priv *img)
|
||||||
*/
|
*/
|
||||||
static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
|
static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
|
||||||
{
|
{
|
||||||
char buf[20];
|
|
||||||
struct fsl_secboot_img_hdr *hdr = &img->hdr;
|
struct fsl_secboot_img_hdr *hdr = &img->hdr;
|
||||||
void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
|
void *esbc = (u8 *)(uintptr_t)img->ehdrloc;
|
||||||
u8 *k, *s;
|
u8 *k, *s;
|
||||||
|
@ -661,17 +660,14 @@ static int read_validate_esbc_client_header(struct fsl_secboot_img_priv *img)
|
||||||
/* If Image Address is not passed as argument to function,
|
/* If Image Address is not passed as argument to function,
|
||||||
* then Address and Size must be read from the Header.
|
* then Address and Size must be read from the Header.
|
||||||
*/
|
*/
|
||||||
if (img->img_addr == 0) {
|
if (*(img->img_addr_ptr) == 0) {
|
||||||
#ifdef CONFIG_ESBC_ADDR_64BIT
|
#ifdef CONFIG_ESBC_ADDR_64BIT
|
||||||
img->img_addr = hdr->pimg64;
|
*(img->img_addr_ptr) = hdr->pimg64;
|
||||||
#else
|
#else
|
||||||
img->img_addr = hdr->pimg;
|
*(img->img_addr_ptr) = hdr->pimg;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
sprintf(buf, "%lx", img->img_addr);
|
|
||||||
setenv("img_addr", buf);
|
|
||||||
|
|
||||||
if (!hdr->img_size)
|
if (!hdr->img_size)
|
||||||
return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
|
return ERROR_ESBC_CLIENT_HEADER_IMG_SIZE;
|
||||||
|
|
||||||
|
@ -814,9 +810,17 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
/* haddr - Address of the header of image to be validated.
|
||||||
|
* arg_hash_str - Option hash string. If provided, this
|
||||||
|
* overides the key hash in the SFP fuses.
|
||||||
|
* img_addr_ptr - Optional pointer to address of image to be validated.
|
||||||
|
* If non zero addr, this overides the addr of image in header,
|
||||||
|
* otherwise updated to image addr in header.
|
||||||
|
* Acts as both input and output of function.
|
||||||
|
* This pointer shouldn't be NULL.
|
||||||
|
*/
|
||||||
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
|
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
|
||||||
uintptr_t img_addr)
|
uintptr_t *img_addr_ptr)
|
||||||
{
|
{
|
||||||
struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
|
struct ccsr_sfp_regs *sfp_regs = (void *)(CONFIG_SYS_SFP_ADDR);
|
||||||
ulong hash[SHA256_BYTES/sizeof(ulong)];
|
ulong hash[SHA256_BYTES/sizeof(ulong)];
|
||||||
|
@ -869,7 +873,7 @@ int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
|
||||||
/* Update the information in Private Struct */
|
/* Update the information in Private Struct */
|
||||||
hdr = &img->hdr;
|
hdr = &img->hdr;
|
||||||
img->ehdrloc = haddr;
|
img->ehdrloc = haddr;
|
||||||
img->img_addr = img_addr;
|
img->img_addr_ptr = img_addr_ptr;
|
||||||
esbc = (u8 *)img->ehdrloc;
|
esbc = (u8 *)img->ehdrloc;
|
||||||
|
|
||||||
memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
|
memcpy(hdr, esbc, sizeof(struct fsl_secboot_img_hdr));
|
||||||
|
|
|
@ -238,7 +238,7 @@ struct fsl_secboot_img_priv {
|
||||||
|
|
||||||
struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
|
struct fsl_secboot_sg_table sgtbl[MAX_SG_ENTRIES]; /* SG table */
|
||||||
uintptr_t ehdrloc; /* ESBC Header location */
|
uintptr_t ehdrloc; /* ESBC Header location */
|
||||||
uintptr_t img_addr; /* ESBC Image Location */
|
uintptr_t *img_addr_ptr; /* ESBC Image Location */
|
||||||
uint32_t img_size; /* ESBC Image Size */
|
uint32_t img_size; /* ESBC Image Size */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -246,7 +246,7 @@ int do_esbc_halt(cmd_tbl_t *cmdtp, int flag, int argc,
|
||||||
char * const argv[]);
|
char * const argv[]);
|
||||||
|
|
||||||
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
|
int fsl_secboot_validate(uintptr_t haddr, char *arg_hash_str,
|
||||||
uintptr_t img_loc);
|
uintptr_t *img_addr_ptr);
|
||||||
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
|
int fsl_secboot_blob_encap(cmd_tbl_t *cmdtp, int flag, int argc,
|
||||||
char * const argv[]);
|
char * const argv[]);
|
||||||
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
|
int fsl_secboot_blob_decap(cmd_tbl_t *cmdtp, int flag, int argc,
|
||||||
|
|
Loading…
Reference in New Issue